
50p 2017 - A conference on India's digital payment ecosystem

HasGeek is organizing a new conference on the payments landscape, aiming to bridge the gap betwee...
Jatin Chaudhary curated this conversation as a part of above story

Everyone can see your credit card details. Seriously. by Arnav Gupta, Coding Blocks

How are payments in mobile apps integrated these days:
A startup builds an app (which doesn’t have basic security measures and saves keys in unencrypted flat files)
They need to add payments within 2 days... so let’s use an SDK - Razorpay/Paytm/Zaakpay etc.
Use the SDK like a black box, just feeding it an API key
The SDK uses a payment method like Freecharge/PayU/Paytm
The payment wallet uses a payment fulfilment service like Juspay, Citrus
That uses a bank gateway like ICICI/Citibank
Oh wait, where does the app run? Android.
The OEM has access to the Android base classes and the runtime. Most OEMs are known to spy on users, some have viruses.
The user’s phone could be rooted, have Xposed installed, or could be using a VPN.
The list just goes on, for all the places from where the details could leak. The OEM can sniff any text entered or displayed in an app. If not the OEM, then on a rooted phone anyone else can reflect into your Java classes and sniff data. The SDK can monitor the payment details. The payment fulfilment service works via a WebView, and they can too.
How compromised are we exactly when we pay using our cards/netbanking when buying that delicious chicken wrap from the latest food startup’s app?